SIGINT Development as an enabler
for GCHQ's "Effects" mission 



This information is exempt under the Freedom of Information Act 2000 (FOIA) and may be exempt under other UK information legislation. Refer any FOIA queries to GCHQ
Effects

Destroy | Deny | Degrade | Disrupt | Deceive | Protect 



Computer Network Attack (CNA) 

Computer Network Information Operations (CNIO) 

Disruption 



Effects in GCHQ






Definition: having an impact in the real world 



Key deliverers: JTRIG and CNE 



Now major part of business - 5% of Operations 



Across all target types 



Continuous innovation of new tools and techniques 



CNIO

Computer Network Information Operations 

• Propaganda 

• Deception 

• Mass messaging 

• Pushing stories 

• Alias development 

• Psychology 

Disruption / CNA

• Masquerades 

• Spoofing 

• Denial of service 

- Phones 

- Emails 

- Computers 

- Faxes 

Diagram: effects ranged from "Individual/Enterprise, Low Impact" to "Country wide, High impact". Labels: WiFi DoS; PSYOP (social networks/phone/email); Critical Infrastructure; Internet Routing; Email/SMS Spoofing



Information Operations

INFINITE CURVATURE/MOUNTAIN SLOPE 

Sending messages across the full spectrum of communications 



Diagram labels: Telephony; SMS; SALAMANCA; Data Mining; Phone Code Prefix; FAX; Email; Open Source



ROYAL CONCIERGE

A SIGINT driven hotel reservation tip-off service 



From: reservations@expensivehotel.com 
To: new-target@mod.gov.xx 

"Thank you for reserving " 



ROYAL CONCIERGE exploits these 
messages and sends out daily alerts to 
analysts working on governmental 
hard targets 

What hotel are they visiting? 
Is it SIGINT friendly? 




An enabler for effects - can we influence the hotel choice? Can we cancel their visit? 
We can use this as an enabler for HUMINT and Close Access Technical Operations 



Information Operations: The Social Web




facebook 



flickr 



Deliver messages and multimedia content across Web 2.0 
Crafting messaging campaigns to go 'viral' 

CNIO

Twitter TDI Development 




Need SIGINT coverage across protocols, 

Not necessarily consistent with target SIGDEV priorities 
ZmMGJmOGVjZDgOMjoPY3JIYXRIZF9hdGwrCGWCJS4nA

Q%253D%253D-- 

a3894361 aa489c2cd51 ff326358c92f2e4d39cd8; 



Login Server 



CNIO

Twitter TDI Development 





Base64 + double encoded URL 
Login Server



CNIO

Twitter TDI Development 



PPF application across 10G Environment

1272671024 81.169.145.25 128.242.240.20 6 55489 80
Login-twitter.com 31 solo_only@twitter.com
TDI-Scope 4 User
Route 13 81.169.145.25
HHFP-Hash 8 384646d4
User-Agent 52 Twitter Tools
Geo-IP-Src 28 49.00;8.39;KARLSRUHE;DE;5MVV
Geo-IP-Dst 33 39.0062;-77.4288;STERLING;US;7LLM
Event-security-label 6 10007F
Stream-security-label 10 400023E0FF




CNIO

Twitter TDI Development 




Given a country:

Who are the top Twitter Users?

Or given a user:

Are they really in Kawestan?



SIGDEV augments the IO process to aid targeting and takeup of message 



Information Ops

Spheres of Influence 




INFLUENCE 



SOCIAL NETWORK 




Mobile Information Ops




50 new mobile TDIs being developed by end of 2010

Also - Target Geographical Identifiers (TGI)

We can shape CNIO against specific locations, users with a high degree of cognition



CNA

Vulnerability Assessment Process 



Development 



Enabling CNO For intelligence production teams, based on Target Templating methodology 



Target Templating is a hypothesis-based, collaborative methodology for doing network analysis. By constructing a logical hypothesis from your knowledge gaps, a target thread is produced. The thread is based on the understanding of 6 "Layers": understanding the target domain and how it connects to the global network and understanding what opportunities can be exploited to

Information Need
Knowledge Gap
Hypothesis

[illegible] the work now, and what needs to be done to achieve the outcome. Target Templating provides that framework in order to break down a problem into the essential parts necessary to develop access and network knowledge. [illegible] of this knowledge at all layers is essential to spotting linkages both horizontally across the layers and vertically through them, so the use of a visualisation package during the NADP will be encouraged

Layer 1: Target - An Entity such as a person or organisation.

Layer 2: Infrastructure - How the target connects to the global network

Layer 3: Technology - Understanding the technology the target uses to communicate

Layer 4: Vulnerabilities - Looking for vulnerabilities in the technologies

Layer 5: Capabilities - Can we exploit the vulnerabilities?

Layer 6: Access - What assets do we have to collect the traffic?

Layer 7: Expectation, Planning, Delivery - How are we going to achieve the desired outcome?

For further information on Target Templating visit the GUILTY SPARK portal on GCWiki

Vulnerability Assessment Template



VA process delivered through 
NADP trained network analysts 
within each production team 



Human Systems Analysis



Foreign News Agencies: 

Credential Harvesting 



Employee Analysis 



SIGDEV 



- who? 

- how? 

- why? 



Data in 




New Data out 
Data out 



Social not technological solution 




Future? 
Formalising Tradecraft for Analysts:

"What SIGDEV needs to be done prior to starting an Effects operation?"



Joining up with 5 EYES where possible (cyber development) 
BGP / MPLS network effects (HOTWIRE) 
SIP and VoIP Effects - Denial of Service, Psychological Operations 
Provide the defensive advice from the offensive perspective 

Questions?



Head of JTRIG
NSTS:

SD Effects Lead



Find me on TAPIOCA 



names and phone numbers redacted 






